Monday, 3 November 2025

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

iT4iNT SERVER Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck.
According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to VDS VPS Cloud


http://dlvr.it/TP3C1v
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

iT4iNT SERVER Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) ...